The FreeBSD Project

The release notes for FreeBSD 4.6.2-RELEASE contain
a summary of the changes made to the FreeBSD base
system since 4.5-RELEASE. Both changes for kernel and
userland are listed, as well as applicable security
advisories for the base system that were issued since
the last release. Some brief remarks on upgrading are
also presented.

This document contains the release notes for FreeBSD
4.6.2-RELEASE on the Alpha/AXP hardware platform. It
describes new features of FreeBSD that have been added (or
changed) since 4.5-RELEASE. It also provides some notes on
upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 4.6.2-RELEASE is a ``point
release'', intended to address some issues (primarily
security-related) discovered in FreeBSD 4.6-RELEASE.
Originally, it was to carry the version number 4.6.1.
However, several additional issues arose during the release
engineering process, causing added delays. To avoid
confusion, the release engineering and security teams
decided that it would be best to rename the
release-in-progress to 4.6.2.

This section describes the most user-visible new or
changed features in FreeBSD since 4.5-RELEASE. Typical
release note items document new drivers or hardware
support, new commands or options, major bugfixes, or
contributed software upgrades. Security advisories for the
base system that were issued after 4.5-RELEASE are also
listed.

Release note entries that describe changes specific to
this point release are marked with [4.6.2].

The kernel dump device can now be set via the dumpdev loader tunable. As a result,
it is now possible to obtain crash dumps from panics
during the late stages of kernel initialization (before
the system enters into single-user mode).

The snp(4) device is no
longer static and can now be compiled as a module.

The my driver, which supports the Myson Fast
Ethernet and Gigabit Ethernet adapters, has been
added.

The wi(4) driver now has
support for Prism II and Prism 2.5-based NICs.
104/128-bit WEP now works on Prism cards.

The wi(4) driver now
supports using a FreeBSD host as a wireless access
point. This functionality can be enabled using the mediaopt hostap option of ifconfig(8). This
feature requires a wireless adapter based on the Prism
II chipset.

Selected network drivers now implement a
semi-polling mode, which makes systems much more
resilient to attacks and overloads. To enable polling,
the following options are required in a kernel
configuration file:

The kern.polling.enable sysctl
variable will then activate polling mode, with the kern.polling.user_frac sysctl
indicating the percentage of CPU time to be reserved
for userland. The devices initially supporting polling
are dc(4), fxp(4), rl(4), and sis(4). More details
can be found in the polling(4) manual
page.

bridge(4) now has
better support for multiple, fully-independent bridging
clusters, and is much more stable in the presence of
dynamic attachments and detachments. VLANs are also
fully supported.

A bug in the IPsec processing for IPv4, which caused
the inbound SPD checks to be ignored, has been
fixed.

A new ng_eiface netgraph module has been added,
which appears as an Ethernet interface but delivers its
Ethernet frames to a Netgraph hook.

A new ng_etf(4) netgraph
node allows Ethernet type packets to be filtered to
different hooks depending on ethertype.

The tcp(4) syncache
implementation had a bug that could cause kernel
panics; this has been fixed.

A bug has been fixed in soft updates that could
cause occasional filesystem corruption if the system is
shut down immediately after performing heavy filesystem
activities, such as installing a new kernel or other
software.

An ``off-by-one'' bug has been fixed in OpenSSH's multiplexing code. This bug
could have allowed an authenticated remote user to cause
sshd(8) to execute
arbitrary code with superuser privileges, or allowed a
malicious SSH server to execute arbitrary code on the
client system with the privileges of the client user.
(See security advisory FreeBSD-SA-02:13.)

A programming error in zlib
could result in attempts to free memory multiple times.
The malloc(3)/free(3) routines used
in FreeBSD are not vulnerable to this error, but
applications receiving specially-crafted blocks of
invalid compressed data could be made to function
incorrectly or abort. This zlib bug has been fixed. For a
workaround and solutions, see security advisory FreeBSD-SA-02:18.

Bugs in the TCP SYN cache (``syncache'') and SYN
cookie (``syncookie'') implementations, which could cause
legitimate TCP/IP traffic to crash a machine, have been
fixed. For a workaround and patches, see security
advisory FreeBSD-SA-02:20.

A routing table memory leak, which could allow a
remote attacker to exhaust the memory of a target
machine, has been fixed. A workaround and patches can be
found in security advisory FreeBSD-SA-02:21.

A bug with memory-mapped I/O, which could cause a
system crash, has been fixed. For more information about
a solution, see security advisory FreeBSD-SA-02:22.

A security hole, in which SUID programs could be made
to read from or write to inappropriate files through
manipulation of their standard I/O file descriptors, has
been fixed. Information regarding a solution can be found
in security advisory FreeBSD-SA-02:23.

[4.6.2] The original fix for security advisory
SA-02:23 (which addressed the use of file descriptors by
set-user-id or set-group-id programs) contained an error.
It was still possible for systems using procfs(5) or linprocfs(5) to be
exploited. This error has now been corrected; a revised
version of security advisory FreeBSD-SA-02:23 contains more
details.
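
The descriptor problem behind SA-02:23 can also be guarded against inside a privileged program: if descriptor 0, 1 or 2 is closed at startup, the next file the program opens takes that number and ordinary standard I/O then lands in it. The following is an added userland illustration, not FreeBSD's own fix or code from the advisory; the function name sanitize_stdio is hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper (not from the advisory): make sure descriptors
 * 0, 1 and 2 are open before the program opens any file of its own.
 * Returns the number of descriptors that had to be repaired, or -1
 * if the descriptor table could not be made safe.
 */
int sanitize_stdio(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        struct stat sb;

        if (fstat(fd, &sb) == 0)
            continue;           /* already open: leave it alone */
        if (errno != EBADF)
            return -1;          /* unexpected failure: do not guess */

        /* open() returns the lowest free descriptor; because the loop
         * walks upward from 0, that has to be fd itself. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {        /* defensive: table changed under us */
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Call this first, before any open(), fopen() or socket(). */
    if (sanitize_stdio() < 0)
        _exit(1);               /* refuse to run with unsafe descriptors */
    /* ... privileged work would start here ... */
    return 0;
}
```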

Some unexpected behavior could be allowed with k5su(8) because it does
not require that an invoking user be a member of the wheel group when attempting to
become the superuser (su(1) does require this). To avoid this
situation, k5su(8) is now
installed non-SUID by default (effectively disabling it).
More information can be found in security advisory FreeBSD-SA-02:24.

Multiple vulnerabilities were found in the bzip2(1) utility, which
could allow files to be overwritten without warning or
allow local users unintended access to files. These
problems have been corrected with a new import of bzip2. For more information, see
security advisory FreeBSD-SA-02:25.

A bug in the implementation of the TCP
SYN cache (``syncache''), which could allow a remote
attacker to deny access to a service when accept filters
(see accept_filter(9)) were
in use, has been fixed. For more information,
see security advisory FreeBSD-SA-02:26.

Due to a bug in rc(8)'s use of shell
globbing, users may be able to remove the contents of
arbitrary files if /tmp/.X11-unix does not exist and the
system can be made to reboot. This bug has been corrected
(see security advisory FreeBSD-SA-02:27).

[4.6.2] A buffer overflow in the resolver, which could
be exploited by a malicious domain name server or an
attacker forging DNS messages, has been fixed. See
security advisory FreeBSD-SA-02:28 for more details.

[4.6.2] A buffer overflow in tcpdump(1), which could
be triggered by badly-formed NFS packets, has been fixed.
See security advisory FreeBSD-SA-02:29 for more details.

[4.6.2] ktrace(1) can no longer
trace the operation of formerly privileged processes;
this prevents the leakage of sensitive information that
the process could have obtained before abandoning its
privileges. For a discussion of this issue, see security
advisory FreeBSD-SA-02:30.

[4.6.2] A race condition in pppd(8), which could be
used to change the permissions of an arbitrary file, has
been corrected. For more information, see security
advisory FreeBSD-SA-02:32.

[4.6.2] Multiple buffer overflows in OpenSSL have been corrected, by way of
an upgrade to the base system version of OpenSSL. More details can be found in
security advisory FreeBSD-SA-02:33.

[4.6.2] A heap buffer overflow in the XDR decoder has
been fixed. For more details, see security advisory FreeBSD-SA-02:34.

[4.6.2] A bug that could allow local users to read and
write arbitrary blocks on an FFS filesystem has been
corrected. More details can be found in security advisory
FreeBSD-SA-02:35.

[4.6.2] A bug in the NFS server code, which could
allow a remote denial of service attack, has been fixed.
Security advisory FreeBSD-SA-02:36 has more details.

[4.6.2] A bug that could allow local users to panic a
system using the kqueue(2) mechanism has
been fixed. More information is contained in security
advisory FreeBSD-SA-02:37.

/etc/rc.firewall and /etc/rc.firewall6 will no longer
add their own hardcoded rules in the cases of a rules
file in the firewall_type
variable or a non-existent firewall type. (The motivation
for this change is to avoid acting on assumptions about a
site's firewall policies.) In addition, the closed firewall type now works as
documented in the rc.firewall(8) manual
page.

The functionality of /etc/security has been moved into a
set of scripts under the periodic(8) framework,
to make local customization easier and more maintainable.
These scripts now reside in /etc/periodic/security/.

The ether address family of ifconfig(8) has been
changed to a more generic link
family (ether is still accepted
for backwards compatibility).

fsdb(8) now supports a
blocks command to list the
blocks allocated by a particular inode.

k5su(8) is no longer
installed SUID root by default.
Users requiring this feature can either manually change
the permissions on the k5su(8) executable or
add ENABLE_SUID_K5SU=yes to /etc/make.conf before a source
upgrade.

ldd(1) can now be used
on shared libraries, in addition to executables.

last(1) now supports a
-y flag, which causes the year to
be included in the session start time.

libstand now has support for
loading large kernels and modules split across several
physical media.

libusb has been renamed as
libusbhid, following NetBSD's
naming conventions.

lpd(8) now recognizes
the -s flag as the preferred
synonym for -p (these flags cause
lpd(8) not to open a
socket for network print jobs).

lpd(8) now implements a
new rc printcap option. When
specified in a print queue for a remote host, this boolean
option causes lpd(8) to resend the
data file for each copy the user requested via lpr -#n.

ls(1) now accepts a -h flag, which when combined with the
-l flag, causes file sizes to be
printed with unit suffixes, such that the number of
digits printed is fewer than four.

m4(1) now accepts a -s flag to cause it to emit #line directives for use by cpp(1).

mergemaster(8) now
supports two new flags. The -p
flag enables a ``pre-buildworld'' mode to compare files known
to be essential to the success of the buildworld and installworld system updating steps. The
-C flag, used after a successful
mergemaster(8) run,
compares options in /etc/rc.conf to the default options in
/etc/defaults/rc.conf.

ngctl(8) now supports a
write command to send a data
packet down a given hook.

patch(1) now accepts a
-i command-line flag to read a
patch from a file, rather than standard input.

[4.6.2] pam_opie(8) no longer
emits fake challenges when the no_fake_prompts variable is specified.

sshd(8) no longer emits
fake S/Key challenges for users who do not have S/Key
enabled. The prior behavior created confusing, useless
one-time-password prompts when using some newer SSH
clients to connect to a FreeBSD system.

sysinstall(8) now has
rudimentary support for retrieving packages from the
correct volume of a multiple-volume installation (such as
a multi-CD distribution).

Locales with names of the form *.EUC have been renamed to the form *.euc??. For example, ja_JP.EUC has become ja_JP.eucJP. This improves locale name
compatibility with FreeBSD CURRENT, X11R6, and a number
of other UNIX versions.

The locale support was synchronized with the code from
FreeBSD -CURRENT. This change brings support for the LC_NUMERIC, LC_MONETARY, and LC_MESSAGES categories, as well as
improvements to strftime(3), revised
locale definitions, and improvement of the localization
of many base system programs.

sendmail has been
updated to 8.12.3. sendmail(8) is no
longer installed as a set-user-ID root binary (now set-group-ID smmsp). See /usr/src/contrib/sendmail/RELEASE_NOTES
and /etc/mail/README for
more information.

With this sendmail
upgrade, multiple sendmail
daemons (some required to handle outgoing mail) are
started by rc(8), even if the
sendmail_enable variable is
set to NO. To completely
disable sendmail, sendmail_enable must be set to
NONE. Alternatively, for
systems using a different MTA, the mta_start_script variable can be used
to point to a different startup script (more details
can be found in rc.sendmail(8)).

The permissions for sendmail alias and map databases
built via /etc/mail/Makefile now default to
mode 0640 to protect against a file locking local
denial of service. It can be changed by setting the
new SENDMAIL_MAP_PERMS make.conf option.

The permissions for the sendmail statistics file, /var/log/sendmail.st, have been
changed from mode 0644 to mode 0640 to protect
against a file locking local denial of service.

[4.6.2] A potential DNS map buffer overflow bug
(in code that is not used in configurations by
default) has been fixed.

Note: This bug has been addressed in
FreeBSD 4.6-STABLE by the import of a newer
version of sendmail.

The Ports Collection infrastructure now uses XFree86 4.2.0 as the default
version of the X Window System for the purposes of
satisfying dependencies. To return to using XFree86 3.3.6, add the following line
to /etc/make.conf:

XFree86 4.2.0 is now the
default version of the X Window System supported by sysinstall(8). It
installs XFree86 as a set of
standard binary packages, so the usual package utilities
such as pkg_info(1) can be used
to examine/manipulate its components.

[4.6.2] A bug that caused /usr/share/examples to be incompletely
populated on fresh installs has been fixed.

If you're upgrading from a previous release of FreeBSD,
you generally will have three options:

Using the binary upgrade option of sysinstall(8). This
option is perhaps the quickest, although it presumes
that your installation of FreeBSD uses no special
compilation options.

Performing a complete reinstall of FreeBSD.
Technically, this is not an upgrading method, and in
any case is usually less convenient than a binary
upgrade, in that it requires you to manually back up and
restore the contents of /etc.
However, it may be useful in cases where you want (or
need) to change the partitioning of your disks.

From source code in /usr/src. This route is more flexible,
but requires more disk space, time, and technical
expertise. More information can be found in the ``Using make
world'' section of the FreeBSD Handbook. Upgrading from
very old versions of FreeBSD may be problematic; in
cases like this, it is usually more effective to
perform a binary upgrade or a complete reinstall.

Please read the INSTALL.TXT
file for more information, preferably before beginning
an upgrade. If you are upgrading from source, please be
sure to read /usr/src/UPDATING as
well.